CVE-2024-44309 — Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability

2024-11-21 • CISA Known Exploited Vulnerability

[event] Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.

> AFFECTED SOFTWARE

Field	Value
Vendor	Apple
Product	Multiple Products
CWE	CWE-79
CVE ID	CVE-2024-44309
Date Added	2024-11-21
Due Date	2024-12-12
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-12-12

> REFERENCES

[1] https://support.apple.com/en-us/121752,
[2] https://support.apple.com/en-us/121753,
[3] https://support.apple.com/en-us/121754,
[4] https://support.apple.com/en-us/121755,
[5] https://support.apple.com/en-us/121756
[6] https://nvd.nist.gov/vuln/detail/CVE-2024-44309